Recently, some Windows 10 users have reported an issue connecting to Arcus and other CAC-enabled website like Government webmail or DI2E, possibly related to a Windows 10 update. Windows appears to be presenting CAC certificates to Arcus and other CAC enabled sites incorrectly. The problem manifests as one of the following in your browser:
- In Edge or Internet Explorer: Can’t connect securely to this page. This might be because the site uses outdated or unsafe TLS security settings.
- In Chrome: This site can’t provide a secure connection app.arcus-cloud.io didn’t accept your login certificate, or one may not have been provided
- In Chrome: ERR_BAD_SSL_CLIENT_AUTH_CERT
- Any browser: Client Certificate Not Found
- In Firefox: Secure connection failed. An error occurred during a connection to app.arcus-cloud.io. Unable to digitally sign data required to verify your certificate. Error code: SSL_ERROR_SIGN_HASHES_FAILURE
FBCA Cross-Certificate Remover Tool
Most Arcus users have reported success running the FBCA Cross-Certificate Remover from DISA:
- Download the Cross-Certificate Remover Tool
- Close the browser completely, an re-open
- Navigate to (CONS3RT) and attempt to sign-in
Log in to Arcus with another Certificate
- If you usually log in with your CAC EMAIL certificate, try selecting your ID certificate
- Follow these instructions to add the certificate to your (CONS3RT) account
Update Windows 10 to version 1809
Not all but most of the folks experiencing this issue seem to be on Windows 10 version 1803, although we have reports from other versions as well. Here is a related article:
If the above options are not working, it may be worth upgrading Windows to version 1809.
- OS and specific version (e.g. Windows 10 version 1803). You can find my searching
About your PCand scrolling down to the bottom
- Device: Corporate laptop, NIPR/GFE laptop, personal computer, etc.
- Network: Corporate network, NIPR, home network, WiFi hotspot
- Are you using a VPN?
- Browser(s) Attempted including browser version
- Other CAC Sites can you connect to the following with the same certificate:
- Local TLS Settings: In Internet Explorer, go to Internet Options, “Advanced”, and scroll down to see the TLS settings
- Trusted Sites: In Internet Explorer, go to Internet Options, click “Security”, and check if CONS3RT needs to be added to trusted sites. If so please add